nav search
Data Centre Software Security DevOps Business Personal Tech Science Emergent Tech Bootnotes
BOFH
Lectures

back to article
Time to ditch the front door key? Nest's new wireless smart lock is surprisingly convenient

"The Nest+Yale lock uses Google's Thread IoT protocol to communicate with its Connect bridge – or its Secure home station if you have that. This is a smart move as it puts a buffer between the lock and the internet. It's going to make hacking the door to open a much harder affair."

Without knowing the ins-and-outs of the security involved I'm can't help but feel this is the triumph of hope over experience....

77
1
Silver badge
Coffee/keyboard

this is the triumph of hope over experience

It'll sell well to the millennials and urban hipsters. Whereas I won't have one ever.

Trusting Google? Bwahahahahahahaahahaa!

55
2
Silver badge

Trusting Google? Bwahahahahahahaahahaa!

One thing for certain - you can trust them to open the door to anyone with a court order. One thing less for the police to bother when they are breaking in.

46
2

It’s not third party access to the locking and unlocking I would be worried about. Always doing what they say on that score is the minimum requirement if they want the company to continue in business. Even one instance of “letting law enforcement in against the will of the owner” would see the business die in an instant. The things I would worry about are: 1. Is truly hack proof? Even if the security is considered very good, security is hard and we have seen too many instances of putatively competent security programmers (hardware and software) making catastrophic errors because there is some left-of-field vector/strategy they have unwittingly introduced or opened their code up to. 2. Camera. In conjunction with 1 are my comings and goings being monitored?

I installed a remotely accessible webcam in my appartment some time ago for when I was doing contract work in Germany. I ended up unplugging it after just a few days precisely because of the nagging unease the two points above raised.

16
1
Anonymous Coward

"Trusting Google? Bwahahahahahahaahahaa!"

Google's Thread IoT protocol

it is not a matter of trusting google or not, they just created and open sourced its IoT protocol.

you can always ask yourself why you should trust the lakes of yale who make a good living on selling locks... locks that need replacing. why do they need replacing? because they failed?

6
22

"locks that need replacing. why do they need replacing? because they failed?"

Umm, yes. Why would you expect a mechanical device which is left exposed to the elements and is almost certainly never given any sort of maintenance, not to fail at some point?

And then there's the rather healthy business of selling new locks to people who've just moved house and would prefer not to trust that all copies of the existing keys are now in their hands, people who've extended their homes and now have new exterior doors in need of securing, people who've lost a door key somewhere and would prefer not to hope that it's either never ever found or is only ever found by someone sufficiently trustworthy to not do anything dodgy with it, people who're replacing older less secure locks with newer ones...

No, can't think of any good reasons why lock companies manage to stay in business, guess they must all be up to no good eh.

36
0
Silver badge

I bet you my savings the average lifetime of a Yale lock is more than the average lifetime of this contraption.

And Yale won't suddenly announce that all their locks will be depreciated in a month and please buy a new one.

40
1
Anonymous Coward

In before the luddite responses..

I have no issues with security of this, my problem is the UK website is clearly reviewing a US product for US doors.

Does this work with 5 point locking mechanisms found on European UPVC doors? Of course it doesn't....

30
2

Not just Google

To be honest, would you trust this type of lock who ever produced it? I know I would not, the lock and key goes back centuries and is a tried and tested security product, sure there are ways to get into some of them, but I still prefer my key to some electronic lock.

12
2
Def
Silver badge

Re: Not just Google

...the lock and key goes back centuries and is a tried and tested security product...

That nobody ever picked/drilled/kicked...

6
11
Gold badge
Unhappy

Does a keypad lock with a good range of options *need* internet connetivity?

Seem to be the attractive parts of an electronic lock are

a) Easy to cancel the key code

b) Audit trail if needed

c) Multiple codes assigned to different people and/or valid at different times

None of which needs an internet link.

9
1
Silver badge
FAIL

Re: Not just Google

That nobody ever picked/drilled/kicked...

You can't pick or drill a lock without standing right next to it. With the right tools.

Hacking an electronic lock can be done from Outer Elbonia.

15
1
Anonymous Coward

Jolly good. If they do have a valid reason to break in, better they do so without smashing the door down (and then telling you afterwards you got to pay for repairs out of your own pocket, even if the raid was fruitless).

1
1
Silver badge
Windows

"It'll sell well to the millennials"

Millennials is anyone born since 1980, so it's basically a sneering way of saying "people under forty". Depending on where you live, people under 40 probably make up more than 50% of the population now.

2
4
Silver badge

"Without knowing the ins-and-outs of the security involved I'm can't help but feel this is the triumph of hope over experience"

I'm sure I'm not the only one who reads "buffer" as "additional attack surface".

2
1
Silver badge

Re: Does a keypad lock with a good range of options *need* internet connetivity?

None of which needs an internet link.

Indeed. The company I worked for 10 years ago has a very similar system (which we sold to rental companies) that didn't involve a third-party having access to your infrastructure..

(We sold two versions - one that used RS232 comms and one that used TCP/IP... both controlled from a local PC.

1
0

Re: Not just Google

Which is why I said "sure there are ways to get into some of them, but I still prefer my key to some electronic lock."

the old locks are still more reliable and can not be hacked.

0
0
Silver badge

Mr Robot Smart Home Hack

I'll just leave that here...

14
2

Re: Mr Robot Smart Home Hack

I'm with you there Dan. And here's another little morsel of thought, Locks only keep honest people out!

4
0
Anonymous Coward

How do you get your phone out of your pocket and use the app if you are carrying shopping? I would have thought it would be easier to put shopping down and tap the code when you get to the door.

If it was mains powered with a battery back up and using open source software where you could use your own or no server then I would be interested. Until someone offers that I'm not going there. I also have no doubts that if these become adopted by a lot of people that law enforcement will get a back door for the front door.

55
1

> How do you get your phone out of your pocket and use the app if you are carrying shopping?

Presumably you do that before you get the shopping out of the car.

But yeah, I agree with your other points completely.

14
1
Silver badge

That brings up a similar point which I encountered with a safe not long ago. What happens when Murphy strikes the batteries run down at a most inopportune time. At least with the safe the batteries can be accessed from the outside, and a quick changeout put me back in business, but what about this lock?

At least with a physical lock, no batteries are necessary, and with the Kwikset Smartkey system, locks can be rekeyed in seconds allowing for temporary key sets while you're away (you simply rekey them back when you get home). All mechanical, so no electricity necessary.

19
2
Silver badge

How do you get your phone out of your pocket and use the app if you are carrying shopping?

You should not need to. A few years ago I had some demented plans to add proximity opening to my front door lock using bluetooth. The use case was the kids losing keys but never forgetting their phone. I gave up after figuring out just home much work do I need to do to secure it properly.

A recent revisit of the same idea from a wifi perspective was ditched for a similar reason. In fact wifi is even worse. While you can sort-a contain bluetooth so it works only in front of the front door (at least you think so) wifi will always be all over the place so you cannot get a proper phone location.

In any case, the kids stopped losing the keys so there is no longer a use case and I have other stuff to occupy my time (f.e. the annual spring overhaul of all bicycles which is happening this morning).

If they start losing them again I may actually consider using NFC for that. The only thing which should "just work" tm and no need for any f*** apps.

17
2
Silver badge

"Presumably you do that before you get the shopping out of the car."

And I imagine most people have their door key on the same keyring as the car key so why not just use that (so none of "it's something we all do when we get home: rummage around in your pockets or bag, find your keys, identify the one you want and then stick it in your front door to gain access")?

In agreement too because this feels too much like a solution looking for a problem.

47
1
Silver badge
Devil

I found that simply refusing to come back home to let them in until it was convenient really improved the kids ability to remember their keys!

46
0

You get someone else to carry the shopping. ...

4
0
Anonymous Coward

You might be onto something here, deal with the kids by getting them to carry the shopping, genius.

7
0
Silver badge
FAIL

Re: Kids carrying the shopping

Good idea in principle but.

Sadly No 1 Child is in New Zealand and No 2 Child is in Vancouver.

5
0
Anonymous Coward

Re: Kids carrying the shopping

At least they are nice kids.

3
0
Go

Bluetooth

My front door electronic lock opens to a tap on the metal surround & if a suitably authorized phone with Bluetooth activated is in range (or by using the phone app itself).

In 99.9% of cases something usually needs to be put down in order to open the door by the handle, unless you are a resident of The Village with self opening doors.

4
0
Silver badge

"If it was mains powered with a battery back up..."

That was one my first thoughts too. Why not an external power source option which can keep a rechargeable battery topped up in case of power outage?

5
0
Bronze badge

re: if it was mains powered

I am seeing both benefits and disadvantages to hooking up the external door(s) to mains power...

5
2

Re: Bluetooth

In 99.9% of cases something usually needs to be put down in order to open the door by the handle

Lever handles for the win. Then you can use your elbow or your shopping to open the door.

6
0
Silver badge

Someone else mentioned the Kwikset lock to me not long ago when I was doing the insurance renewal checklist. The main issue I had was that after googling it I found this video that made me think twice.

5
0

Re: re: if it was mains powered

I was thinking the same thing. Would be great to if the door handle wirede to mains could tazer any undesirables who attempt unauthorised access and then using the nest webcam post the video to Facebook. What could go wrong...

4
0
Def
Silver badge
Coat

Re: re: if it was mains powered

I am seeing both benefits and disadvantages to hooking up the external door(s) to mains power.

All of them, unfortunately, too large for this ̶m̶a̶r̶g̶i̶n̶ forum.

1
0
WTF?

... feels too much like a solution looking for a problem.

Hmm ...

... feels too much like a solution looking for a problem Nest wanting to make a boatload of money from all the clueless morons out there.

There you go.

Google's Thread IoT protocol indeed.

7
4

> And I imagine most people have their door key on the same keyring as the car key.

I think most of their target customers already have cars with keyless start and keyless entry.

4
0
Silver badge

Re: re: if it was mains powered

"I am seeing both benefits and disadvantages to hooking up the external door(s) to mains power..."

Done properly, it could discourage people from trying their luck hoping the it's unlocked :-)

But I suspect by "mains", people are referring to a mains powered adaptor to push 5-12v into the lock unit.

4
0

I'm in exactly the same position. Kids losing keys meaning replaced locks at £20 a time. They don't keep their Bluetooth turned on as they're under some 2012-style belief that it runs your battery down.

There's probably a solution using MAC addresses. I've got a Samsung SmartThings setup where the presence location is notoriously flaky and needs the app installed on every phone. Cue kids wailing "we don't have enough space for the app, waaaah". Whatever. But what I can do is run a script on my Asus router (it will work on anything that runs a WRT-style environment, or perhaps even Tomato) which checks for their MAC address every 10 seconds and flips a virtual switch via HTTP, notifying SmartThings that they're home. Typically works as they walk up the path. It has the benefit of it needs nothing installing on their device, they just need to connect to the WiFi - which they do, constantly, because teenagers.

0
1
Silver badge

I also have no doubts that if these become adopted by a lot of people that law enforcement will get a back door for the front door.

As an alternative to them using The Key (a large heavy battering ram) to smash the door to pieces, I can't see the problem. They're unlikely ever to be allowed warrantless entry, so the only real difference is when they leave, your door still works.

5
0

And of course that back door will be so secure that only law-abiding agents will be able to use it, never the bad guys, right?

1
1
Bronze badge

The power seldom goes out here. When the batteries die of a natural death (which all eventually do), I would likely put the chore of changing them on my to-do list, which is very long. Of course, that's the time that the mains will fail.

As stated elsewhere, a lock mainly keeps honest people and stray kids out, but it also encourages bad guys to seek softer targets. We are just competing against each other. "Look, I have an 'alpha' lock. It's less work to rob the guy over there with a cheaper lock."

And this segways into another burr up my backside. We spend all this money on locks and security systems because of criminals, yet the money is never included in the cost-of-crime figures. If they did include them, people would understand the appropriateness of harsh sentencing for those necessitating these expenses.

2
0

Re: Bluetooth

My front door is to be honest a pain to open with one hand, as you need to turn the key and at the same time press the handle down. It is a security door, I have no idea why they think we needed one, since this house have had a wooden door with a yale lock since it was built.

0
0

Chris, you know your mac address is a software config right? You want to base your home security and not letting in strangers on the basis that they also don't know this fact?

2
0
Anonymous Coward

"You might be onto something here, deal with the kids by getting them to carry the shopping, genius."

OR it might convince them to kill time be becoming delinquents so that when you get home you find a constable with them and some explaining to do...

0
0
Silver badge

Keyless entry for residential property?

Anyone installing this chez them deserves everything coming their way.

Insurance company - "You were burgled but there's no sign of forced entry? That's a shame. Goodbye."

44
1

Re: Keyless entry for residential property?

I would be more worried about fire, say there is an electrical fault with the device and it catches fire (it can happen), now your point of exit in case of a fire is suddenly on fire. In a flat with only 1 door, being on a high floor and having the door itself catch fire doesn't seem like a good idea to me. (okay, the door itself won't catch fire, modern ones should be made of metal)

7
5
Silver badge

Re: Keyless entry for residential property?

Insurance company - "You were burgled but there's no sign of forced entry? That's a shame. Goodbye."

This type house security is reletively modern. Car companies have been doing to for longer. And look how many "secure" cars are stolen using tech to by-pass the keyless security,

8
0
Anonymous Coward

Re: Keyless entry for residential property?

I can only presume you have NOTHING battery powered in your house in case it catches fire. Or battery powered objects are not allowed along a three feet wide path to the front door in case your TV remote explodes all by itself but you can't step over it to escape.

What about your smoke alarm? That's got a battery in it. What if that catches fire? The irony.

2
1

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing